
Course 201 – Administration, Content Inspection and SSL VPN

Presentation on theme: "Course 201 – Administration, Content Inspection and SSL VPN"— Presentation transcript:

1 Course 201 – Administration, Content Inspection and SSL VPN
Web Filtering

2 Web Filtering: Module Objectives
By the end of this module participants will be able to:
- Identify the web filtering mechanisms used on the FortiGate device
- Create web content and URL filters
- Configure FortiGuard Web Filtering
- Configure FortiGuard Web Filtering overrides
- Define firewall policies using web filter profiles

3 Web Filtering
Web filtering is a means of controlling the web content that an Internet user is able to view. Important reasons for controlling web content include:
- Preserving employee productivity, which is lost when employees access the Web for non-business reasons
- Preventing network congestion where valuable bandwidth is used for non-business purposes
- Preventing loss or exposure of confidential information (chat, IM, peer-to-peer)
- Decreasing exposure to web-based threats as employees browse to non-business related web sites
- Limiting legal liability when employees access or download inappropriate or offensive material
- Preventing copyright infringement caused by employees downloading or distributing copyrighted materials
- Protecting children from viewing inappropriate material
FortiGate web filtering includes manual and fully automatic mechanisms for scanning, inspecting, rating and controlling web activities. Manual methods include creating web content filters or URL filters; automated methods include FortiGuard web filtering. These mechanisms interact with each other to provide maximum control over what the Internet user can view, as well as protection for your network from many Internet content threats.

4 Web Content Filtering
Web content filtering can be used to block access to web pages containing specific words or patterns, preventing access to pages with questionable material. Words, phrases, patterns, wildcards and regular expressions can be added to match content on web pages.
The web content filter scans the content of every web page that is accepted by a firewall policy. Using the CLI, the administrator specifies banned words and phrases and attaches a numerical value (score) to the importance of each:
- When the web content filter scan detects banned content, it adds up the scores of the banned words and phrases found in the page
- If the sum is higher than the threshold value set in the web filter profile, the FortiGate unit performs the action set in the filter (Block or Exempt)
- Blocked pages are replaced with a message indicating that the page is not accessible according to the Internet usage policy
- If the action in the web content filter is set to Block and the pattern appears on a web page, the page is blocked
- If the action is set to Exempt, the page is not blocked even if the filter would otherwise block it
- The score for a pattern is applied only once, even if the pattern appears multiple times in the web page
- The score for any word in a phrase without quotation marks is counted
- The score for a phrase in quotation marks is counted only if it appears exactly as written
Slide example: Drugs (score 10), Pharmacy (score 5), Prescription (score 5), threshold 18. A page containing all three scores 10 + 5 + 5 = 20, which is above the threshold, so the configured action (Block or Exempt) is applied.
The patterns defined in the web content filter can include wildcards or regular expressions. A web content pattern can be one word or a text string up to 80 characters long, and the maximum number of patterns in a list is 5000. Once the pattern list is created in the CLI, it can be selected in the Web Filter Profile configuration in Web Config.
Sample web content filter configuration (the list ID after the first "edit" is missing from the transcript, so 1 is used as a placeholder; the scores are the ones shown on the slide):
    config webfilter content
        edit 1
            config entries
                edit "drugs"
                    set score 10
                    set status enable
                next
                edit "pharmacy"
                    set score 5
                    set status enable
                next
                edit "prescription"
                    set score 5
                    set status enable
                next
            end
            set name "Sample_Content_Filter"
        next
    end

5 Web Content Filtering
- Create the pattern list in the CLI
- Control web access by allowing or blocking web pages containing specific words or patterns
- Wildcards or regular expressions can be used to define patterns
- The scores assigned to matched patterns are added; if the total is higher than the threshold, the FortiGate unit performs the configured action (Block or Exempt)
- The score for a matched pattern is counted once, even if it appears multiple times on the web page
Slide example: Drugs score 10, Pharmacy score 5, Prescription score 5, threshold 18: 10 + 5 + 5 = 20
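
The scoring rules from slides 4 and 5 (count each pattern once, unquoted phrases match on any word, quoted phrases only exactly, wildcards, a threshold, and Exempt taking precedence over Block) are easy to get wrong when reasoning about what a content filter will do, so here is an added Python model of them. This is example code written for this transcript, not FortiOS code or Fortinet's implementation; the ContentPattern class, score_page function and the sample page texts are constructed for the example, and the slide's pattern list and threshold of 18 are used as the test data.

```python
import re
from dataclasses import dataclass


@dataclass
class ContentPattern:
    """One entry of a web content filter list (constructed model, not FortiOS data)."""
    text: str               # word, "quoted phrase", wildcard (*) or regular expression
    score: int
    kind: str = "wildcard"  # "wildcard" (default) or "regexp", mirroring the FortiOS pattern types
    action: str = "block"   # "block" or "exempt"


def compile_pattern(p: ContentPattern) -> "re.Pattern[str]":
    """Build the regular expression a pattern is matched with, following the slide's rules."""
    if p.kind == "regexp":
        return re.compile(p.text, re.IGNORECASE)
    text = p.text.strip()
    if len(text) >= 2 and text[0] == '"' and text[-1] == '"':
        # Quoted phrase: counted only if it appears exactly as written.
        return re.compile(r"\b" + re.escape(text[1:-1]) + r"\b", re.IGNORECASE)
    # Unquoted phrase: any one of its words counts; '*' is a wildcard within a word.
    words = [re.escape(w).replace(r"\*", r"\S*") for w in text.split()]
    return re.compile(r"\b(?:" + "|".join(words) + r")\b", re.IGNORECASE)


def score_page(page_text: str, patterns, threshold: int):
    """Return (verdict, total_score, matched_patterns) for one page body.

    verdict is "exempt" if any matching pattern carries the Exempt action,
    "block" if the summed score is higher than the threshold, else "pass".
    """
    total = 0
    matched = []
    exempt_hit = False
    for p in patterns:
        if compile_pattern(p).search(page_text) is None:
            continue
        matched.append(p.text)
        if p.action == "exempt":
            exempt_hit = True
        else:
            total += p.score  # added once per pattern, however often it occurs on the page
    if exempt_hit:
        verdict = "exempt"
    elif total > threshold:
        verdict = "block"
    else:
        verdict = "pass"
    return verdict, total, matched


# The pattern list from the slide (scores 10, 5, 5) and its threshold of 18.
SAMPLE_PATTERNS = [
    ContentPattern("drugs", 10),
    ContentPattern("pharmacy", 5),
    ContentPattern("prescription", 5),
]
SAMPLE_THRESHOLD = 18


if __name__ == "__main__":
    # Constructed page text: "drugs" appears three times but is scored once.
    page = "Buy drugs, drugs and more drugs at our pharmacy, no prescription needed"
    print(score_page(page, SAMPLE_PATTERNS, SAMPLE_THRESHOLD))  # ('block', 20, [...])
```

The word-boundary anchoring is what makes "drugs" not match "drugstore"; drop the `\b` anchors if you want substring semantics, but then expect more false positives on legitimate pages.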

6 Flow-based Web Filtering
Flow-based web filtering is a non-proxy solution that uses the IPS engine to perform inspection. FortiGuard web filtering overrides do not apply when flow-based inspection is enabled.
Example: block the IT category and allow an override for one site in that category (the site's URL is not preserved in the transcript). If a user attempts to access that site (IT category), the user receives a Page Not Found error rather than being offered the override.

7 Flow-based Web Filtering
Select the inspection mode in the web filter profile. In the CLI:
    config webfilter profile
        edit "default"
            set flow-based enable
        next
    end

8 Web URL Filtering
You can allow or block access to specific URLs by adding them to the URL Filter list. URL patterns can be added using text, wildcards or regular expressions. The URL filter applies one of four possible actions to a URL pattern:
- Block: the FortiGate unit blocks any attempt to access a URL matching the pattern; a replacement web page is displayed in its place
- Allow: the FortiGate unit permits access to a URL matching the pattern; the traffic is passed to the remaining proxy operations, including FortiGuard web filtering, web content filtering, web script filtering and antivirus filtering
- Monitor: the FortiGate unit passes traffic through for requests matching the pattern and logs access to the matching URL; the UTM log entry for Web Filter displays the message "URL was allowed because it is in the URL filter list" and the status is set to passthrough
- Exempt: traffic from sites matching the pattern bypasses all antivirus proxy operations; this is similar to the Allow (pass) action, with the difference that the connection itself inherits the exemption, so all subsequent reuse of the existing connection also bypasses the proxy operations
Each URL filter list can have up to 5000 entries.
[Slide graphic: a URL filter list entry with the actions Block, Allow, Monitor and Exempt]

9 Web URL Filtering
- Control web access by allowing or blocking specific URLs
- Text, wildcards or regular expressions can be used to define the URL patterns
- Possible actions: Block, Allow, Monitor, Exempt

10 SafeSearch
SafeSearch is a feature used by popular search engines to prevent explicit web sites and images from appearing in search results. If SafeSearch is selected for a supported search site (Google, Bing and Yahoo!), the FortiGate unit rewrites the search URL sent to the search web site to include the code required to enable the SafeSearch feature. For example, the code &safe=on is added to any search request submitted to Google when SafeSearch is enabled.
[Slide graphic: the search "chicken" is forwarded to the search engine as "chicken&safe=on"]

11 SafeSearch
- SafeSearch is used by search sites to prevent explicit web sites and images from appearing in search results
- The FortiGate unit rewrites the search URL to include the codes required to enable SafeSearch
- Supported on Google, Bing and Yahoo!
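
The rewrite on slides 10 and 11 is a URL transformation on the client's request, and the detail that matters for enforcement is that a client-supplied value (for instance safe=off already in the query) must be replaced rather than merely appended to. The Python below is an added example for this transcript, not Fortinet's code: the Google parameter (safe=on) is the one the slide names, while the Bing (adlt=strict) and Yahoo! (vm=r) parameter names are this example's assumptions about those engines; the hostname matching and the enforce_safesearch function are also constructed here.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# engine -> (search query parameter, SafeSearch parameter, enforced value)
# Google's "safe=on" comes from the slide; the Bing and Yahoo! entries are
# assumptions made for this example.
ENGINES = {
    "google": ("q", "safe", "on"),
    "bing": ("q", "adlt", "strict"),
    "yahoo": ("p", "vm", "r"),
}


def engine_for(host: str):
    """Map a request hostname to a supported engine, or None.

    Matches the bare domain, any subdomain of it, and country TLD variants
    (www.google.co.uk); does not match look-alike hosts such as notgoogle.com.
    """
    host = host.lower()
    for name in ENGINES:
        if host == f"{name}.com" or host.endswith(f".{name}.com") or f".{name}." in host:
            return name
    return None


def enforce_safesearch(url: str) -> str:
    """Return the URL the FortiGate would forward: unchanged unless it is a
    search request to a supported engine, in which case the SafeSearch
    parameter is set to the enforced value (replacing any client-supplied one)."""
    parts = urlsplit(url)
    engine = engine_for(parts.hostname or "")
    if engine is None:
        return url
    query_key, param, value = ENGINES[engine]
    params = parse_qsl(parts.query, keep_blank_values=True)
    if not any(k == query_key for k, _ in params):
        return url  # same host, but not a search request (e.g. maps, mail)
    # Drop whatever the client sent for the parameter, then append the enforced value.
    params = [(k, v) for k, v in params if k != param] + [(param, value)]
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(params), parts.fragment))


if __name__ == "__main__":
    # Constructed request URLs.
    for u in ("https://www.google.com/search?q=chicken",
              "https://www.google.com/search?q=chicken&safe=off",
              "https://www.google.com/maps"):
        print(u, "->", enforce_safesearch(u))
```

Because the rewrite happens on the proxied request, it only works where the FortiGate can see and modify the query string; for HTTPS search sites that means SSL inspection has to be in place, otherwise the original URL reaches the engine untouched.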

12 FortiGuard Web Filter Categories
FortiGuard Web Filter is a managed web filtering solution available by subscription. It enhances the web filtering features of the FortiGate unit by sorting billions of web pages into a wide range of categories that can be allowed or blocked. The FortiGate unit accesses the nearest FortiGuard Distribution Server to determine the category of a requested page and then applies the configured firewall policy.
Web pages are sorted and rated into categories that an administrator can allow or block. Categories may be added or updated as the Internet evolves. FortiGuard web filter ratings are performed by a combination of methods, including:
- Text analysis
- Exploitation of web structure
- Human raters
Users can notify FortiGuard Subscription Services if they feel that a web page is not categorized correctly, so that the service can update the categories in a timely fashion.
When a request for a web page appears in traffic controlled by a firewall policy with FortiGuard Web Filtering in place, the URL is sent to the nearest FortiGuard server and the URL category is returned:
- If the category is blocked, the FortiGate unit provides a replacement message in place of the requested page
- If the category is not blocked, the page request is sent to the requested URL as normal
[Slide graphic: a URL being rated, with the category actions Allow, Block, Monitor, Warning and Authenticate]

13 FortiGuard Web Filter Categories
- The FortiGate unit accesses the FortiGuard distribution server to determine the category of a requested page
- Action is taken based on the selection in the web filter profile (Allow, Block, Monitor, Warning, Authenticate)
- Web filter ratings are determined by: human raters, text analysis, exploitation of web structure

14 FortiGuard Web Filter Categories
FortiGuard web filtering categories are designed to be easily managed and are patterned on industry standards. Each category contains web sites or web pages that have been assigned based on their dominant web content. Categories are based on suitability for enterprises, schools and home use.
(The slide links to the full list of FortiGuard Web Filtering categories.)

15 FortiGuard Web Filter Categories
(The slide links to the full list of FortiGuard Web Filtering categories.)

16 FortiGuard Web Filtering Caching
Caching is available and is strongly recommended, as it improves performance by reducing the number of requests the FortiGate unit sends to the FortiGuard server. The caching values apply to both FortiGuard filtering and web filtering. The cache uses a small percentage of the FortiGate unit's system memory; when the cache is full, the least recently used item is deleted. A Time to Live (TTL) setting controls the number of seconds filtering query results are stored in the cache before the server is contacted again.
FortiGuard services are reachable over port 53; an alternate port of 8888 can be used. Use Test Availability to verify that the FortiGuard services are available through either the default port or the alternate port.
[Slide graphic: a cache of URL-to-category lookups, with example categories Phishing, News/Media and Gambling]

17 FortiGuard Web Filtering Caching
- Caching improves performance by reducing FortiGate unit requests to FortiGuard servers
- The cache is checked before a request is sent to the FortiGuard server
- The TTL setting controls the number of seconds query results are cached
- A small amount of FortiGate unit system memory is dedicated to the cache
- An alternate port number of 8888 can be configured for access to FortiGuard servers
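
Slides 16 and 17 describe two independent bounds on the rating cache: a TTL after which a stored verdict is re-queried, and a memory bound enforced by evicting the least recently used entry. Both matter to a defender, since a long TTL means a newly re-rated phishing site keeps its old "allowed" verdict until the entry expires. The Python below is an added example modelling that cache for this transcript; it is not FortiOS code. The RatingCache class, the injected lookup function standing in for the FortiGuard server query, and the fake clock are all constructed here, and the sample hostnames are made up.

```python
import time
from collections import OrderedDict


class RatingCache:
    """LRU cache with a TTL in front of a FortiGuard-style category lookup (constructed model)."""

    def __init__(self, lookup, ttl_seconds=3600, max_entries=1000, clock=time.monotonic):
        self._lookup = lookup          # function(host) -> category; stands in for the server query
        self.ttl = ttl_seconds
        self.max_entries = max_entries  # stands in for the memory percentage on the slide
        self._clock = clock
        self._entries = OrderedDict()  # host -> (category, fetched_at); insertion order = recency
        self.hits = 0
        self.misses = 0

    def category(self, host: str) -> str:
        """Return the category for host, querying the server only on a miss or after TTL expiry."""
        now = self._clock()
        hit = self._entries.get(host)
        if hit is not None and now - hit[1] < self.ttl:
            self._entries.move_to_end(host)  # mark as most recently used
            self.hits += 1
            return hit[0]
        # Absent or expired: contact the server again and refresh the entry.
        cat = self._lookup(host)
        self.misses += 1
        self._entries[host] = (cat, now)
        self._entries.move_to_end(host)
        while len(self._entries) > self.max_entries:
            self._entries.popitem(last=False)  # evict the least recently used entry
        return cat

    def cached_hosts(self):
        """Hosts currently cached, least recently used first."""
        return list(self._entries)


if __name__ == "__main__":
    # Constructed stand-in for the FortiGuard server: a static table plus a call counter.
    calls = []

    def server_lookup(host):
        calls.append(host)
        return {"gamble.example": "Gambling", "news.example": "News/Media"}.get(host, "Unrated")

    cache = RatingCache(server_lookup, ttl_seconds=60, max_entries=2)
    for h in ("gamble.example", "gamble.example", "news.example"):
        print(h, cache.category(h))
    print("server queries:", len(calls), "hits:", cache.hits, "misses:", cache.misses)
```

Tune ttl_seconds against how quickly you need re-ratings to take effect rather than purely for hit rate; a cache hit for a host whose rating changed a minute ago is a correctness problem, not a performance win.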

18 FortiGuard Web Filtering Usage Quotas
In addition to using category blocks to limit user access to URLs, a daily timed access quota can be set. Quotas allow access for a specified length of time, calculated separately for each user. Users must authenticate with the FortiGate unit, since the quota is applied to each user individually. The use of FortiGuard web filter quotas is ignored if applied to a firewall policy in which user authentication is required.
When a user first attempts to access a URL, they are prompted to authenticate with the FortiGate unit. Once authenticated, the FortiGate unit determines their quota allowances and monitors their web usage. The category of each page they visit is checked, and the FortiGate unit adjusts the user's remaining quota for that category. Quotas can be applied to categories and category groups; however, only one quota per user can be active at any one time. Editing the web filter profile resets the quota timer for all users.
[Slide graphic: a "Games" quota being consumed as the user visits pages in the Games category]

19 FortiGuard Web Filtering Usage Quotas
- Quotas allow access to specific categories for a specific length of time
- Calculated separately for each user and for each category
- The user must authenticate
[Slide graphic: a "Games" quota being consumed as the user visits pages in the Games category]
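
The quota rules on slides 18 and 19 (per user, per category, daily, only one quota active per user at a time, and a reset for everyone when the profile is edited) interact in ways that are worth seeing in code. The Python below is an added example for this transcript, not Fortinet's implementation; the QuotaTracker class, its "quota-exceeded" verdict string, the accounting model (time is charged from one request until the user's next request, and stops when they move to a category without a quota) and the user names are all constructed for the example. Times are plain epoch seconds passed in by the caller so the behaviour is reproducible.

```python
class QuotaTracker:
    """Per-user, per-category daily time quotas (constructed model of the slide's rules)."""

    DAY = 86400  # seconds; quotas are daily

    def __init__(self, quotas):
        self.quotas = dict(quotas)  # category -> seconds allowed per day
        self._used = {}             # (user, category) -> seconds consumed today
        self._active = {}           # user -> (category, since); at most one active quota per user
        self._day = None

    def _rollover(self, now):
        """Daily reset: all counters start from zero on a new day."""
        day = int(now // self.DAY)
        if day != self._day:
            self._day = day
            self._used.clear()
            self._active.clear()

    def _charge(self, user, now):
        """Bill the time since the user's last request to the quota that was active for them."""
        active = self._active.pop(user, None)
        if active is not None:
            cat, since = active
            self._used[(user, cat)] = self._used.get((user, cat), 0) + (now - since)

    def request(self, user, category, now):
        """Decide one page request: "allow" or "quota-exceeded"."""
        self._rollover(now)
        self._charge(user, now)
        limit = self.quotas.get(category)
        if limit is None:
            return "allow"  # no quota on this category, so nothing is tracked
        if self._used.get((user, category), 0) >= limit:
            return "quota-exceeded"
        self._active[user] = (category, now)  # this quota is now the user's active one
        return "allow"

    def remaining(self, user, category, now):
        """Seconds left today for user in category (None if the category has no quota)."""
        limit = self.quotas.get(category)
        if limit is None:
            return None
        used = self._used.get((user, category), 0)
        active = self._active.get(user)
        if active is not None and active[0] == category:
            used += now - active[1]
        return max(0, limit - used)

    def reset_all(self):
        """Editing the web filter profile resets the quota timer for every user."""
        self._used.clear()
        self._active.clear()


if __name__ == "__main__":
    # Constructed scenario: a 10-minute daily quota on the Games category.
    q = QuotaTracker({"Games": 600})
    for t in (0, 300, 700):
        print(t, q.request("alice", "Games", t), q.remaining("alice", "Games", t))
```

Because the charge is computed lazily at the next request, a user who opens a Games page and walks away is not billed until they come back; a production implementation would also expire the active quota after an idle timeout.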

20 Local Ratings
Local ratings allow an administrator to override the rating applied to a URL by FortiGuard Subscription Services: a URL can be reassigned to a completely different category. This can be used when the category assigned by FortiGuard conflicts with the requirements of your organization. The local rating settings apply only to your FortiGate unit; the changes you make are not sent to FortiGuard Subscription Services.
Example: a competitor web site is ABC.com. FortiGuard categorizes it as General Interest, which is blocked by your web filter. You want to permit your employees access to competitor web sites, so you reassign this web site to the Business Oriented category, which is allowed.
[Slide graphic: a local rating set to Category: General Organizations, Sub-Category: Information and Computer Security]

21 Local Ratings
- Can override the rating applied to a URL by FortiGuard Subscription Services
- The URL is reassigned to a completely different category
- The override applies to the FortiGate unit only
- Changes are not submitted to FortiGuard Subscription Services
[Slide graphic: a local rating set to Category: General Organizations, Sub-Category: Information and Computer Security]

22 Local Categories
Local categories are labels that describe web content and can be used to customize how FortiGuard Web Filtering works. Once the administrator creates local categories in the CLI, they appear under the Local Categories section in the FortiGuard Categories window. This allows web traffic to be logged against a category label created by the administrator.
Create a new local category in the CLI:
    config webfilter ftgd-local-cat
        edit "Research"
            set id 145
        next
    end
Example: the administrator would like to log access to the competitor ABC.com web site but does not want to log the entire Business Oriented category. Create a new local category called Competitors and assign ABC.com to that category.

23 Local Categories
- Local categories allow logging of web traffic to a category created by an administrator
- They appear under the Local Categories section in the FortiGuard Categories listing
Create a new local category in the CLI:
    config webfilter ftgd-local-cat
        edit "Research"
            set id 145
        next
    end

24 FortiGuard Web Filtering Overrides
Configure FortiGuard web filtering overrides to allow access to web sites blocked by FortiGuard Web Filtering. An override page is presented, and the user must authenticate.
[Slide graphic: Category: Spyware and Malware with the actions Block, Log and Authenticate]

25 FortiGuard Web Filtering Overrides
- Allows access to web sites blocked by FortiGuard Web Filtering
- Two methods:
  - Warning: allows the user to proceed to the blocked web site
  - Authenticate: the user must authenticate to override the web site block
[Slide graphic: Category: Spyware and Malware with the actions Block, Log and Authenticate]

26 Web Filtering Override Page
[Slide graphic: the web filtering block override page shown when the action is Warning]

27 Web Filtering Override Page
[Slide graphic: the web filtering block override page shown when the action is Authenticate]

28 Web Filtering Overrides
[Slide graphic: filter override configuration (Marketing)]

29 Web Filtering Overrides
- Allows access to web sites blocked through URL or web content filtering
- An override page is presented, and the user must authenticate

30 Order of Web Filtering and Advanced Filter Options
Order of web filtering (slide diagram): URL filtering is applied first, with its Exempt, Block, Allow or Monitor action; requests that are not blocked or exempted then go through FortiGuard web filtering, then web content filtering, and finally the advanced filter options.
The Advanced Filter section of the Web Filter Profile provides a number of other filtering options:
- Script Filtering: enable filters to block ActiveX scripts or Java applets in web traffic; web sites may not function properly with this filter enabled
- Cookie Filtering: enable to filter cookies from web traffic
- Web Resume Download Block: prevents the resumption of a file download where it was previously interrupted; any attempt to restart an aborted download downloads the file from the beginning rather than resuming from where it left off, which prevents the unintentional download of viruses hidden in fragmented files
- Block Invalid URLs: enable to block web sites when the CN field in the SSL certificate does not contain a valid domain name
- HTTP POST: select the action to take with HTTP POST traffic; when set to Block, users are prevented from sending information and files to web sites, and when a POST request is blocked the FortiGate unit sends a replacement message to the web browser attempting to use the command
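
The order on slide 30, together with the four URL filter actions from slides 8 and 9 and the local rating precedence from slide 20, determines which stage actually decides a request, and it is the part people most often get wrong when a site is "still blocked" or "still allowed" after a change. The Python below is an added example for this transcript that walks one request through the stages in that order; it is not FortiOS code. The UrlEntry class, the url_matches function (whose "simple" type is a simplification: hostname plus path prefix), the filter_request function, the category table standing in for a FortiGuard lookup, the injected content_scorer callback and the example hostnames are all constructed here. The Monitor log text is the one the slide quotes.

```python
import fnmatch
import re
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass
class UrlEntry:
    pattern: str
    action: str            # "block", "allow", "monitor" or "exempt"
    kind: str = "simple"   # "simple", "wildcard" or "regex"


def url_matches(entry: UrlEntry, url: str) -> bool:
    target = url.lower()
    if entry.kind == "regex":
        return re.search(entry.pattern, target) is not None
    if entry.kind == "wildcard":
        return fnmatch.fnmatchcase(target, entry.pattern.lower())
    # "simple" in this model: the pattern is a hostname with an optional path prefix.
    parts = urlsplit(target)
    return ((parts.hostname or "") + parts.path).startswith(entry.pattern.lower())


def filter_request(url, url_filter, categories, category_actions,
                   local_ratings=None, content_scorer=None, page_text=""):
    """Return (verdict, log_lines) for one request, applying the stages in slide order."""
    log = []
    host = urlsplit(url).hostname or ""

    # Stage 1: URL filter. The first matching entry decides.
    for entry in url_filter:
        if not url_matches(entry, url):
            continue
        if entry.action == "exempt":
            return "exempt", log          # bypasses the remaining proxy operations entirely
        if entry.action == "block":
            return "block", log
        if entry.action == "monitor":
            log.append(f"URL was allowed because it is in the URL filter list: {url}")
        break  # allow/monitor: hand over to FortiGuard and content filtering

    # Stage 2: FortiGuard category. A local rating for the host overrides the FortiGuard category.
    category = (local_ratings or {}).get(host) or categories.get(host, "Unrated")
    action = category_actions.get(category, "allow")
    if action == "block":
        return "block", log
    if action in ("warning", "authenticate"):
        return action, log                # the override page is presented to the user
    if action == "monitor":
        log.append(f"category {category} monitored: {url}")

    # Stage 3: web content filter on the page body.
    if content_scorer is not None and content_scorer(page_text) == "block":
        return "block", log
    return "allow", log


# Constructed sample configuration.
URL_FILTER = [
    UrlEntry("blocked.example", "block"),
    UrlEntry("*.partner.example/*", "exempt", "wildcard"),
    UrlEntry("news.example", "monitor"),
    UrlEntry(r"^https?://[^/]*casino", "block", "regex"),
]
CATEGORIES = {  # stands in for the FortiGuard rating lookup
    "news.example": "News/Media", "abc.example": "General Interest",
    "games.example": "Games", "gamble.example": "Gambling",
}
CATEGORY_ACTIONS = {"General Interest": "block", "Gambling": "block", "Games": "warning"}
LOCAL_RATINGS = {"abc.example": "Business Oriented"}  # the slide 20 competitor example


if __name__ == "__main__":
    for u in ("http://blocked.example/x", "http://www.partner.example/page",
              "http://news.example/today", "http://abc.example/", "http://games.example/"):
        print(u, filter_request(u, URL_FILTER, CATEGORIES, CATEGORY_ACTIONS, LOCAL_RATINGS))
```

Note what the order implies: a URL filter Block wins even for a host you have locally re-rated, and an Exempt entry skips the content filter, so Exempt entries deserve the same review as any other allow-list.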

31 Web Filter Profiles
Web filtering and FortiGuard web filtering are enabled and configured through web filter profiles. The profile is in turn applied to a firewall policy, and any traffic processed by that policy has web filtering applied to it.
[Slide graphic: a web filter profile attached to a firewall policy]

32 Web Filter Profiles
- Web filtering, FortiGuard web filtering and the advanced filtering options are enabled through web filter profiles
- The profile is in turn applied to a firewall policy
- Any traffic examined by the policy has the web filtering operations applied to it

33 Labs
Lab - Web Filtering:
- Testing Web Category Filtering
- Configuring Web Filtering Warnings
- Configuring Web Filtering Quotas
(The slide links to step-by-step instructions for completing this lab.)

34 Student Resources
(The slide links to the list of resources used in this module.)

